You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Bennett Haselton <be...@peacefire.org> on 2010/07/24 02:10:55 UTC
[users@httpd] trying to ban IPs using htaccess - not working
I'm trying to ban certain IPs from visiting my site, so that they
instead see a message saying "Your IP has been banned, email me if
you think this is an error." I've *almost* got it working -- when
people visit URLs like
http://209.160.28.154/index.html
or
http://209.160.28.154/foo-does-not-exist
they see the "banned IP" message. However, the problem is that if
you try to access the front page:
http://209.160.28.154/
from a banned IP address, you see the "Apache Test Page for CentOS"
page, instead of seeing the "banned IP" message. Anybody recognize
this problem or have an idea of what could be causing it?
In my httpd.conf file, I changed "AllowOverride None" to
"AllowOverride All" in both the default <Directory /> tag and inside
the <Directory "/var/www/html"> tag -- I placed a modified copy of
httpd.conf at:
http://209.160.28.154/httpd.conf
and in /var/www/html I placed a .htaccess file containing these lines:
>>>
ErrorDocument 403 /banned_ip.php
order deny,allow
deny from 71.112.32.149
>>>
and restarted the server. (The page
http://209.160.28.154/banned_ip.php shows the message you're supposed
to see when connecting from a banned IP. 71.112.32.149 is my home
machine IP which I've "banned" for testing purposes.)
So like I said, that almost works, where
http://209.160.28.154/index.html gives the right error message, but
http://209.160.28.154/ does not. Any idea how to change is to that
all URLs under http://209.160.28.154/ will give the "banned IP"
message if connecting from a banned IP?
-Bennett
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trying to ban IPs using htaccess - not working
Posted by Daniel Reinhardt <cr...@cryptodan.net>.
-----Original Message-----
From: Bennett Haselton
Sent: 24 July, 2010 0:10
To: users@httpd.apache.org
Subject: [users@httpd] trying to ban IPs using htaccess - not working
I'm trying to ban certain IPs from visiting my site, so that they
instead see a message saying "Your IP has been banned, email me if
you think this is an error." I've *almost* got it working -- when
people visit URLs like
http://209.160.28.154/index.html
or
http://209.160.28.154/foo-does-not-exist
they see the "banned IP" message. However, the problem is that if
you try to access the front page:
http://209.160.28.154/
from a banned IP address, you see the "Apache Test Page for CentOS"
page, instead of seeing the "banned IP" message. Anybody recognize
this problem or have an idea of what could be causing it?
In my httpd.conf file, I changed "AllowOverride None" to
"AllowOverride All" in both the default <Directory /> tag and inside
the <Directory "/var/www/html"> tag -- I placed a modified copy of
httpd.conf at:
http://209.160.28.154/httpd.conf
and in /var/www/html I placed a .htaccess file containing these lines:
>>>
ErrorDocument 403 /banned_ip.php
order deny,allow
deny from 71.112.32.149
>>>
and restarted the server. (The page
http://209.160.28.154/banned_ip.php shows the message you're supposed
to see when connecting from a banned IP. 71.112.32.149 is my home
machine IP which I've "banned" for testing purposes.)
So like I said, that almost works, where
http://209.160.28.154/index.html gives the right error message, but
http://209.160.28.154/ does not. Any idea how to change is to that
all URLs under http://209.160.28.154/ will give the "banned IP"
message if connecting from a banned IP?
-Bennett
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Bennett,
Try this: http://www.blockacountry.com/.
It will generate the .htaccess for you, and you can build on it.
Thanks,
Daniel
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trying to ban IPs using htaccess - not working
Posted by Nilesh Govindarajan <li...@itech7.com>.
On Mon, Jul 26, 2010 at 11:24 AM, Bennett Haselton
<be...@peacefire.org> wrote:
> At 10:32 PM 7/25/2010, you wrote:
>>
>> On Sat, Jul 24, 2010 at 5:40 AM, Bennett Haselton <be...@peacefire.org>
>> wrote:
>> > I'm trying to ban certain IPs from visiting my site, so that they
>> > instead
>> > see a message saying "Your IP has been banned, email me if you think
>> > this is
>> > an error." Â I've *almost* got it working -- when people visit URLs like
>> > http://209.160.28.154/index.html
>> > or
>> > http://209.160.28.154/foo-does-not-exist
>> > they see the "banned IP" message. Â However, the problem is that if you
>> > try
>> > to access the front page:
>> > http://209.160.28.154/
>> > from a banned IP address, you see the "Apache Test Page for CentOS"
>> > page,
>> > instead of seeing the "banned IP" message. Â Anybody recognize this
>> > problem
>> > or have an idea of what could be causing it?
>> >
>> > In my httpd.conf file, I changed "AllowOverride None" to "AllowOverride
>> > All"
>> > in both the default <Directory /> tag and inside the <Directory
>> > "/var/www/html"> tag -- I placed a modified copy of httpd.conf at:
>> > http://209.160.28.154/httpd.conf
>> > and in /var/www/html I placed a .htaccess file containing these lines:
>> >>>>
>> > ErrorDocument 403 /banned_ip.php
>> > order deny,allow
>> > deny from 71.112.32.149
>> >>>>
>> > and restarted the server. Â (The page
>> > http://209.160.28.154/banned_ip.php
>> > shows the message you're supposed to see when connecting from a banned
>> > IP.
>> > Â 71.112.32.149 is my home machine IP which I've "banned" for testing
>> > purposes.)
>> >
>> > So like I said, that almost works, where
>> > http://209.160.28.154/index.html
>> > gives the right error message, but http://209.160.28.154/ does not. Â
>> > Any
>> > idea how to change is to that all URLs under http://209.160.28.154/ will
>> > give the "banned IP" message if connecting from a banned IP?
>> >
>> > Â Â Â Â -Bennett
>> >
>>
>> If you want to block the IPs on all services you could use iptables
>> along with ipset.
>> You could also put them directly in iptables as chain rules, but as
>> the number of IPs increases, it increases the CPU usage like hell.
>> ipset is viable solution in that case.
>> You just need kernel headers and (probably, I don't remember)
>> netfilter source to compile iptables.
>
> Yeah but rather than blocking the entire connection, I wanted to be able to
> put a message telling people to e-mail me if they think their IP has been
> blocked by mistake.
>
> -Bennett
There's still a cryptic way for that, but I don't know it will work or not.
Create eth0:0 with IP of 192.168.1.X or some other non-public IP.
Make apache listen on that IP, and DNAT/PREROUTE/WHATEVER those ipset
requests to this private IP.
And configure apache vhost for that IP which prints that message.
Also this way, you can block those malicious users from all services-
not only apache and they can contact you if you banned them by
mistake.
Do let me know if you implement successfuly (or try to do so ;)).
--
Regards,
Nilesh Govindarajan
Facebook: http://www.facebook.com/nilesh.gr
Twitter: http://twitter.com/nileshgr
Website: http://www.itech7.com
VPS Hosting: http://www.itech7.com/a/vps
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trying to ban IPs using htaccess - not
working
Posted by Bennett Haselton <be...@peacefire.org>.
At 10:32 PM 7/25/2010, you wrote:
>On Sat, Jul 24, 2010 at 5:40 AM, Bennett
>Haselton <be...@peacefire.org> wrote:
> > I'm trying to ban certain IPs from visiting
> my site, so that they instead
> > see a message saying "Your IP has been
> banned, email me if you think this is
> > an error." Â I've *almost* got it working --
> when people visit URLs like
> > http://209.160.28.154/index.html
> > or
> > http://209.160.28.154/foo-does-not-exist
> > they see the "banned IP" message. Â However,
> the problem is that if you try
> > to access the front page:
> > http://209.160.28.154/
> > from a banned IP address, you see the "Apache
> Test Page for CentOS" page,
> > instead of seeing the "banned IP" message. Â
> Anybody recognize this problem
> > or have an idea of what could be causing it?
> >
> > In my httpd.conf file, I changed
> "AllowOverride None" to "AllowOverride All"
> > in both the default <Directory /> tag and inside the <Directory
> > "/var/www/html"> tag -- I placed a modified copy of httpd.conf at:
> > http://209.160.28.154/httpd.conf
> > and in /var/www/html I placed a .htaccess file containing these lines:
> >>>>
> > ErrorDocument 403 /banned_ip.php
> > order deny,allow
> > deny from 71.112.32.149
> >>>>
> > and restarted the server. Â (The page
> http://209.160.28.154/banned_ip.php
> > shows the message you're supposed to see when
> connecting from a banned IP.
> > Â 71.112.32.149 is my home machine IP which I've "banned" for testing
> > purposes.)
> >
> > So like I said, that almost works, where
> http://209.160.28.154/index.html
> > gives the right error message, but
> http://209.160.28.154/ does not. Â Any
> > idea how to change is to that all URLs under
> http://209.160.28.154/ will
> > give the "banned IP" message if connecting from a banned IP?
> >
> > Â Â Â Â -Bennett
> >
>
>If you want to block the IPs on all services you could use iptables
>along with ipset.
>You could also put them directly in iptables as chain rules, but as
>the number of IPs increases, it increases the CPU usage like hell.
>ipset is viable solution in that case.
>You just need kernel headers and (probably, I don't remember)
>netfilter source to compile iptables.
Yeah but rather than blocking the entire
connection, I wanted to be able to put a message
telling people to e-mail me if they think their
IP has been blocked by mistake.
-Bennett
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trying to ban IPs using htaccess - not working
Posted by Nilesh Govindarajan <li...@itech7.com>.
On Sat, Jul 24, 2010 at 5:40 AM, Bennett Haselton <be...@peacefire.org> wrote:
> I'm trying to ban certain IPs from visiting my site, so that they instead
> see a message saying "Your IP has been banned, email me if you think this is
> an error." I've *almost* got it working -- when people visit URLs like
> http://209.160.28.154/index.html
> or
> http://209.160.28.154/foo-does-not-exist
> they see the "banned IP" message. However, the problem is that if you try
> to access the front page:
> http://209.160.28.154/
> from a banned IP address, you see the "Apache Test Page for CentOS" page,
> instead of seeing the "banned IP" message. Anybody recognize this problem
> or have an idea of what could be causing it?
>
> In my httpd.conf file, I changed "AllowOverride None" to "AllowOverride All"
> in both the default <Directory /> tag and inside the <Directory
> "/var/www/html"> tag -- I placed a modified copy of httpd.conf at:
> http://209.160.28.154/httpd.conf
> and in /var/www/html I placed a .htaccess file containing these lines:
>>>>
> ErrorDocument 403 /banned_ip.php
> order deny,allow
> deny from 71.112.32.149
>>>>
> and restarted the server. (The page http://209.160.28.154/banned_ip.php
> shows the message you're supposed to see when connecting from a banned IP.
> 71.112.32.149 is my home machine IP which I've "banned" for testing
> purposes.)
>
> So like I said, that almost works, where http://209.160.28.154/index.html
> gives the right error message, but http://209.160.28.154/ does not. Any
> idea how to change is to that all URLs under http://209.160.28.154/ will
> give the "banned IP" message if connecting from a banned IP?
>
> -Bennett
>
If you want to block the IPs on all services you could use iptables
along with ipset.
You could also put them directly in iptables as chain rules, but as
the number of IPs increases, it increases the CPU usage like hell.
ipset is viable solution in that case.
You just need kernel headers and (probably, I don't remember)
netfilter source to compile iptables.
--
Regards,
Nilesh Govindarajan
Facebook: http://www.facebook.com/nilesh.gr
Twitter: http://twitter.com/nileshgr
Website: http://www.itech7.com
VPS Hosting: http://www.itech7.com/a/vps
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trying to ban IPs using htaccess - not working
Posted by Tapas Mishra <mi...@gmail.com>.
Try this
http://www.maxmind.com/app/mod_geoip
http://www.munkyonline.com/articles/htaccess-301-redirects-for-ip-ranges.html
Re: [users@httpd] trying to ban IPs using htaccess - not
working
Posted by Bennett Haselton <be...@peacefire.org>.
At 05:29 PM 7/25/2010, Eric Covener wrote:
>On Sun, Jul 25, 2010 at 8:23 PM, Bennett Haselton
><be...@peacefire.org> wrote:
> > At 05:08 PM 7/25/2010, Eric Covener wrote:
> >>
> >> On Sun, Jul 25, 2010 at 6:55 PM, Bennett Haselton
> <be...@peacefire.org>
> >> wrote:
> >> > By the way, I posted this question on vworker.com (where you
> can post
> >> > "work
> >> > items" for contractors to bid on, although I more often use it
> to post
> >> > questions and then people submit bids for telling me the
> answer), and
> >> > someone told me the answer for $20.
> >> >
> >> > The answer, it turns out, is the
> /etc/httpd/conf.d/welcome.conf file has
> >> > its
> >> > own ErrorDocument 403 directive which matches the "/" page
> when the "/"
> >> > page
> >> > gives a 403 error, so that's why I was getting the Apache test page.
> >> > Comment out the lines in welcome.conf or replace it with a
> zero-byte
> >> > file
> >> > and you're good. (It looks like on this machine we must have
> previously
> >> > figured this out at some point, because welcome.conf had been
> renamed to
> >> > welcome.conf.bak -- but then something mysteriously restored the
> >> > welcome.conf file, which broke it again. I assume it might
> have been a
> >> > "yum
> >> > update" which put back the welcome.conf file. Hopefully having a
> >> > zero-byte
> >> > file there will prevent yum updates from clobbering it.)
> >> >
> >> > This still does not solve the problem of why I'm not getting
> the right
> >> > custom 403 error when I go to https://209.160.28.154/
> though... I still
> >> > don't know how to make the ErrorDocument directive apply to
> the https
> >> > site.
> >>
> >> There's nothing too special about ErrorDocument, see the basic rules
> >> of configuration sections here:
> >>
> >> http://httpd.apache.org/docs/2.2/sections.html
> >>
> >> And recusrively grep your configuration if you don't know what's
> there.
> >
> > I've already read that page and followed the directions, and it's not
> > working the way the page describes it, or at least, there's something
> > missing. The page says:
> > "What Directives are Allowed? --
> > To find out what directives are allowed in what types of configuration
> > sections, check the Context of the directive."
> >
> > That's what I'm doing, and it does not work. The "context" for
> > ErrorDocument says "server config, virtual host, directory,
> .htaccess". I
> > have put the line
> > ErrorDocument 403 /banned_ip.php
> > in the httpd.conf file, in the ssl.conf file both inside and
> outside the
> > <VirtualHost> section, and in the .htaccess file, and none of those
> > combinations are working -- 403 errors in https urls are still
> giving the
> > default 403 error instead of the custom one. There's some extra step
> > required that's not in the documentation, at least not in that
> portion of
> > it. Do you know what it is?
>
>Sure your browser isn't showing you "friendly error messages" for a
>short error document?
Yes. I have that option turned off in IE. In any case, what I'm
seeing is a "403 forbidden" message from Apache and not a "friendly"
one inserted by IE. Besides, when I access http:// URLs that
generate a 403 error, I do see the "your ip has been banned" message
as expected. It's only for https:// URLs that it doesn't work.
>Did you actually search your configuration for other ErrorDocument 403
>directives that might have a higher precedence?
Yes. And anyway like I said I'm seeing the custom 403 error message
when browsing http:// URLs. It's only https:// URLs that give the
default 403 error instead of the custom one.
-Bennett
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trying to ban IPs using htaccess - not working
Posted by Eric Covener <co...@gmail.com>.
On Sun, Jul 25, 2010 at 8:23 PM, Bennett Haselton <be...@peacefire.org> wrote:
> At 05:08 PM 7/25/2010, Eric Covener wrote:
>>
>> On Sun, Jul 25, 2010 at 6:55 PM, Bennett Haselton <be...@peacefire.org>
>> wrote:
>> > By the way, I posted this question on vworker.com (where you can post
>> > "work
>> > items" for contractors to bid on, although I more often use it to post
>> > questions and then people submit bids for telling me the answer), and
>> > someone told me the answer for $20.
>> >
>> > The answer, it turns out, is the /etc/httpd/conf.d/welcome.conf file has
>> > its
>> > own ErrorDocument 403 directive which matches the "/" page when the "/"
>> > page
>> > gives a 403 error, so that's why I was getting the Apache test page.
>> > Comment out the lines in welcome.conf or replace it with a zero-byte
>> > file
>> > and you're good. (It looks like on this machine we must have previously
>> > figured this out at some point, because welcome.conf had been renamed to
>> > welcome.conf.bak -- but then something mysteriously restored the
>> > welcome.conf file, which broke it again. I assume it might have been a
>> > "yum
>> > update" which put back the welcome.conf file. Hopefully having a
>> > zero-byte
>> > file there will prevent yum updates from clobbering it.)
>> >
>> > This still does not solve the problem of why I'm not getting the right
>> > custom 403 error when I go to https://209.160.28.154/ though... I still
>> > don't know how to make the ErrorDocument directive apply to the https
>> > site.
>>
>> There's nothing too special about ErrorDocument, see the basic rules
>> of configuration sections here:
>>
>> http://httpd.apache.org/docs/2.2/sections.html
>>
>> And recusrively grep your configuration if you don't know what's there.
>
> I've already read that page and followed the directions, and it's not
> working the way the page describes it, or at least, there's something
> missing. The page says:
> "What Directives are Allowed? --
> To find out what directives are allowed in what types of configuration
> sections, check the Context of the directive."
>
> That's what I'm doing, and it does not work. The "context" for
> ErrorDocument says "server config, virtual host, directory, .htaccess". I
> have put the line
> ErrorDocument 403 /banned_ip.php
> in the httpd.conf file, in the ssl.conf file both inside and outside the
> <VirtualHost> section, and in the .htaccess file, and none of those
> combinations are working -- 403 errors in https urls are still giving the
> default 403 error instead of the custom one. There's some extra step
> required that's not in the documentation, at least not in that portion of
> it. Do you know what it is?
Sure your browser isn't showing you "friendly error messages" for a
short error document?
Did you actually search your configuration for other ErrorDocument 403
directives that might have a higher precedence?
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trying to ban IPs using htaccess - not
working
Posted by Bennett Haselton <be...@peacefire.org>.
At 05:08 PM 7/25/2010, Eric Covener wrote:
>On Sun, Jul 25, 2010 at 6:55 PM, Bennett Haselton
><be...@peacefire.org> wrote:
> > By the way, I posted this question on vworker.com (where you can
> post "work
> > items" for contractors to bid on, although I more often use it to post
> > questions and then people submit bids for telling me the answer), and
> > someone told me the answer for $20.
> >
> > The answer, it turns out, is the /etc/httpd/conf.d/welcome.conf
> file has its
> > own ErrorDocument 403 directive which matches the "/" page when
> the "/" page
> > gives a 403 error, so that's why I was getting the Apache test page.
> > Comment out the lines in welcome.conf or replace it with a
> zero-byte file
> > and you're good. (It looks like on this machine we must have
> previously
> > figured this out at some point, because welcome.conf had been
> renamed to
> > welcome.conf.bak -- but then something mysteriously restored the
> > welcome.conf file, which broke it again. I assume it might have
> been a "yum
> > update" which put back the welcome.conf file. Hopefully having a
> zero-byte
> > file there will prevent yum updates from clobbering it.)
> >
> > This still does not solve the problem of why I'm not getting the right
> > custom 403 error when I go to https://209.160.28.154/
> though... I still
> > don't know how to make the ErrorDocument directive apply to the
> https site.
>
>There's nothing too special about ErrorDocument, see the basic rules
>of configuration sections here:
>
>http://httpd.apache.org/docs/2.2/sections.html
>
>And recusrively grep your configuration if you don't know what's there.
I've already read that page and followed the directions, and it's not
working the way the page describes it, or at least, there's something
missing. The page says:
"What Directives are Allowed? --
To find out what directives are allowed in what types of
configuration sections, check the Context of the directive."
That's what I'm doing, and it does not work. The "context" for
ErrorDocument says "server config, virtual host, directory,
.htaccess". I have put the line
ErrorDocument 403 /banned_ip.php
in the httpd.conf file, in the ssl.conf file both inside and outside
the <VirtualHost> section, and in the .htaccess file, and none of
those combinations are working -- 403 errors in https urls are still
giving the default 403 error instead of the custom one. There's some
extra step required that's not in the documentation, at least not in
that portion of it. Do you know what it is?
-Bennett
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trying to ban IPs using htaccess - not working
Posted by Eric Covener <co...@gmail.com>.
On Sun, Jul 25, 2010 at 6:55 PM, Bennett Haselton <be...@peacefire.org> wrote:
> By the way, I posted this question on vworker.com (where you can post "work
> items" for contractors to bid on, although I more often use it to post
> questions and then people submit bids for telling me the answer), and
> someone told me the answer for $20.
>
> The answer, it turns out, is the /etc/httpd/conf.d/welcome.conf file has its
> own ErrorDocument 403 directive which matches the "/" page when the "/" page
> gives a 403 error, so that's why I was getting the Apache test page.
> Comment out the lines in welcome.conf or replace it with a zero-byte file
> and you're good. (It looks like on this machine we must have previously
> figured this out at some point, because welcome.conf had been renamed to
> welcome.conf.bak -- but then something mysteriously restored the
> welcome.conf file, which broke it again. I assume it might have been a "yum
> update" which put back the welcome.conf file. Hopefully having a zero-byte
> file there will prevent yum updates from clobbering it.)
>
> This still does not solve the problem of why I'm not getting the right
> custom 403 error when I go to https://209.160.28.154/ though... I still
> don't know how to make the ErrorDocument directive apply to the https site.
There's nothing too special about ErrorDocument, see the basic rules
of configuration sections here:
http://httpd.apache.org/docs/2.2/sections.html
And recusrively grep your configuration if you don't know what's there.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trying to ban IPs using htaccess - not
working
Posted by Bennett Haselton <be...@peacefire.org>.
By the way, I posted this question on vworker.com (where you can post
"work items" for contractors to bid on, although I more often use it
to post questions and then people submit bids for telling me the
answer), and someone told me the answer for $20.
The answer, it turns out, is the /etc/httpd/conf.d/welcome.conf file
has its own ErrorDocument 403 directive which matches the "/" page
when the "/" page gives a 403 error, so that's why I was getting the
Apache test page. Comment out the lines in welcome.conf or replace
it with a zero-byte file and you're good. (It looks like on this
machine we must have previously figured this out at some point,
because welcome.conf had been renamed to welcome.conf.bak -- but then
something mysteriously restored the welcome.conf file, which broke it
again. I assume it might have been a "yum update" which put back the
welcome.conf file. Hopefully having a zero-byte file there will
prevent yum updates from clobbering it.)
This still does not solve the problem of why I'm not getting the
right custom 403 error when I go to https://209.160.28.154/
though... I still don't know how to make the ErrorDocument directive
apply to the https site.
-Bennett
At 05:10 PM 7/23/2010, Bennett Haselton wrote:
>I'm trying to ban certain IPs from visiting my site, so that they
>instead see a message saying "Your IP has been banned, email me if
>you think this is an error." I've *almost* got it working -- when
>people visit URLs like
>http://209.160.28.154/index.html
>or
>http://209.160.28.154/foo-does-not-exist
>they see the "banned IP" message. However, the problem is that if
>you try to access the front page:
>http://209.160.28.154/
>from a banned IP address, you see the "Apache Test Page for CentOS"
>page, instead of seeing the "banned IP" message. Anybody recognize
>this problem or have an idea of what could be causing it?
>
>In my httpd.conf file, I changed "AllowOverride None" to
>"AllowOverride All" in both the default <Directory /> tag and inside
>the <Directory "/var/www/html"> tag -- I placed a modified copy of
>httpd.conf at:
>http://209.160.28.154/httpd.conf
>and in /var/www/html I placed a .htaccess file containing these lines:
> >>>
>ErrorDocument 403 /banned_ip.php
>order deny,allow
>deny from 71.112.32.149
> >>>
>and restarted the server. (The page
>http://209.160.28.154/banned_ip.php shows the message you're
>supposed to see when connecting from a banned IP. 71.112.32.149 is
>my home machine IP which I've "banned" for testing purposes.)
>
>So like I said, that almost works, where
>http://209.160.28.154/index.html gives the right error message, but
>http://209.160.28.154/ does not. Any idea how to change is to that
>all URLs under http://209.160.28.154/ will give the "banned IP"
>message if connecting from a banned IP?
>
> -Bennett
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org